Dave, thanks much.
OK, SSL_CTX_set_default_verify_paths() won't do anything for me.
> There is definitely an engine for MS CAPI
I ran into some references to capi and e_capi researching this question on
the Google but I could not find any big picture.
> Or of course you could just read the cert
Ah well. I tried to help.
> which is .exe only on Windows
The OP said he was on Win 2K8.
Charles
-Original Message-
From: owner-openssl-us...@openssl.org
[mailto:owner-openssl-us...@openssl.org] On Behalf Of Dave Thompson
Sent: Friday, August 31, 2012 3:58 PM
To: openssl-users@openssl.o
> From: owner-openssl-us...@openssl.org On Behalf Of Charles Mills
> Sent: Friday, 31 August, 2012 12:00
> To: openssl-users@openssl.org
> Subject: SSL_CTX_set_default_verify_paths and Windows?
>
> Is there documentation for SSL_CTX_set_default_verify_paths()?
> It's declared here http://www.open
>From: owner-openssl-us...@openssl.org On Behalf Of Mithun Kumar
>Sent: Thursday, 30 August, 2012 19:50
>openssl s_client -connect NC-WIN2008X64:1433 -state -debug -msg -ssl3
>CONNECTED(0003)
>SSL_connect:before/connect initialization
>write to 08A018A8 [08A0B660] (100 bytes => 100 (0x64))
>
> From: owner-openssl-us...@openssl.org On Behalf Of Charles Mills
> Sent: Friday, 31 August, 2012 12:39
> To: openssl-users@openssl.org
> Subject: RE: Creating a SSH Key pair - public and private for
> my Windows 2008 server app so it can communicate with a
> partner sftp site
>
> You can do th
> From: owner-openssl-us...@openssl.org On Behalf Of Hankyaku
> Sent: Friday, 31 August, 2012 05:29
> I'm working on a bigger poject where openSSL is used. Right
> now I'm doing the migration from 1.0.0e to 1.0.1c. On the way
> I get a number of linking errors, like: "ssleay32.lib(ssl_sess.obj)
Hi Gerhard,
I have been playing with those options myself and your scenario should work.
Try using s_server -no_ssl2 -no_ssl3 -no_tls1 -no_tls1_1 in conjunction with
s_client -tls1_1. This sets exactly the options you indicate and it fails to
connect.
It's not clear from your code, but make
Hmm. That does seem odd.
Use openssl genrsa to generate the private key.
Use openssl rsa -pubout to generate the public key from the private key.
Charles
From: owner-openssl-us...@openssl.org
[mailto:owner-openssl-us...@openssl.org] On Behalf Of ML Harmon
Sent: Friday, August 31, 2012 12:10 PM
T
I was good with openssl until this link.
http://www.openssl.org/docs/HOWTO/keys.txt
It says openssl creates one file for both the public and private keys. That
doesn't make sense to me.
See my above link.
"With OpenSSL, the private key contains the
public key information as well, so a public key
On Fri, Aug 31, 2012, Hankyaku wrote:
>
> Dear All,
>
> I've got another question regarding the contents of 1.0.1c.
> I didn't really find the references to what RFC specs are implemented in the
> new version (not many RFC references in changelogs and docs at all).
> I was wondering if Maximu
You can do this with the openssl.exe utility.
I am less than an expert but the doc is here:
http://www.openssl.org/docs/apps/openssl.html
Take a look at openssl.exe req -newkey
Charles
From: owner-openssl-us...@openssl.org
[mailto:owner-openssl-us...@openssl.org] On Behalf Of ML Harmon
Sent: F
Is the firewall possibly blocking traffic to or from the server? "SSL
handshake has read 0 bytes" sounds like that is a possibility. Can other
applications (some e-mail client, I suppose) connect to imap.gmail.com:993?
Charles
-Original Message-
From: owner-openssl-us...@openssl.org
[mailt
Dear All,
(Sorry for posting the 3rd separate thread, but I have totally independent
issues and I think it's better to handle them in different threads - eases
the search in the future.)
I had an issue with openSSL 1.0.0e with session resumption. According to the
RFC specs (as early as TLS v1.0)
Dear All,
I've got another question regarding the contents of 1.0.1c.
I didn't really find the references to what RFC specs are implemented in the
new version (not many RFC references in changelogs and docs at all).
I was wondering if Maximum Fragmentation Length (found in RFC6066 page 8)
was
Dear All,
I'm working on a bigger poject where openSSL is used. Right now I'm doing
the migration from 1.0.0e to 1.0.1c. On the way I get a number of linking
errors, like: "ssleay32.lib(ssl_sess.obj) : error LNK2001: unresolved
external symbol _BUF_strdup"
This problem relates to the new additi
I have a Windows 2008 server that runs an application I use to transfer
files to my business partner's site via sftp.
I need to generate a SSH key pair with openssl and then send my partner the
public key while I keep the private key.
I don't know how to do this with openssl, can someone help me?
Hi,
I can't seem to be able to connect to the gmail imap server from apps using
openssl. I am on an university network, behind a firewall.
% openssl s_client -debug -connect imap.gmail.com:993
CONNECTED(0004)
write to 0x1026ef0 [0x1026f70] (184 bytes => 184 (0xB8))
- 16 03 01 00 b3 01 00
> In implementing AES-CMAC-128 over a message, I assumed it would be
> equivalent in OpenSSL to hand the EVP_aes_128_cbc() EVP_CIPHER to CMAC, as
> I did not see a regular AES-128 EVP_CIPHER availble.
It looks like sending AES-CBC into CMAC is the same thing as AES-CMAC-128.
Question answered.
_
Is there documentation for SSL_CTX_set_default_verify_paths()? It's declared
here http://www.openssl.org/docs/ssl/ssl.html but there's no description and
no link that I see.
I have an application working on Windows using explicit PEM certificate
files: SSL_CTX_load_verify_locations(SslCtx, "myCert
Hello,
I'm usinng OpenSSL 1.0.1c in my Server application.
This application can be configured to disallow accepting certain SSL/TLS
protocols.
If only TLS1.2 shall be allowed, the application calls
meth=(SSL_METHOD*) SSLv23_server_method();
OpenSSLctx=SSL_CTX_new(meth);
.
SSL_CTX_set_opt
20 matches
Mail list logo